Rejected unauthenticated access error


Postby Ugo » Fri May 04, 2012 2:23 pm

Hello,

We recently upgraded our server to Servoy6 and we're experiencing problems when using the headlessClient.

The code for this part is strictly identical, except for some JSDoc stuff, but apparently invoking the function call below:
headlessClient = plugins.headlessclient.createClient('mymodule','user','pass', null)
brings that error.

This is called from our login module

Obviously, if you need additional information about the method itself and the module settings, I will provide it immediately, but the settings, again, are the same as they were with 5.

Here's the complete console log if anyone can help. Thank you.



****
4 mai 2012 14:05:22 com.servoy.j2db.util.Debug error
GRAVE: Throwable
java.lang.SecurityException: Rejected unauthenticated access
at com.servoy.extensions.plugins.headlessclient.HeadlessServerPlugin.createClient(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at sun.rmi.server.UnicastServerRef.dispatch(Unknown Source)
at sun.rmi.transport.Transport$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.rmi.transport.Transport.serviceCall(Unknown Source)
at sun.rmi.transport.tcp.TCPTransport.handleMessages(Unknown Source)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(Unknown Source)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
at sun.rmi.transport.StreamRemoteCall.exceptionReceivedFromServer(StreamRemoteCall.java:255)
at sun.rmi.transport.StreamRemoteCall.executeCall(StreamRemoteCall.java:233)
at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:142)
at java.rmi.server.RemoteObjectInvocationHandler.invokeRemoteMethod(RemoteObjectInvocationHandler.java:178)
at java.rmi.server.RemoteObjectInvocationHandler.invoke(RemoteObjectInvocationHandler.java:132)
at $Proxy3.createClient(Unknown Source)
at com.servoy.extensions.plugins.headlessclient.HeadlessClientProvider.js_createClient(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.mozilla.javascript.MemberBox.invoke(MemberBox.java:179)
at org.mozilla.javascript.NativeJavaMethod.call(NativeJavaMethod.java:367)
at org.mozilla.javascript.optimizer.OptRuntime.callN(OptRuntime.java:81)
at org.mozilla.javascript.gen.c17._c0(launchProvisioning:74)
at org.mozilla.javascript.gen.c17.call(launchProvisioning)
at org.mozilla.javascript.optimizer.OptRuntime.callName0(OptRuntime.java:101)
at org.mozilla.javascript.gen.c16._c0(onActionDoProvisioning:177)
at org.mozilla.javascript.gen.c16.call(onActionDoProvisioning)
at org.mozilla.javascript.ContextFactory.doTopCall(ContextFactory.java:387)
at org.mozilla.javascript.ScriptRuntime.doTopCall(ScriptRuntime.java:3134)
at org.mozilla.javascript.gen.c16.call(onActionDoProvisioning)
at com.servoy.j2db.scripting.ScriptEngine.executeFunction(ScriptEngine.java:528)
at com.servoy.j2db.FormController.executeFunction(FormController.java:4063)
at com.servoy.j2db.FormController.executeFunction(FormController.java:3942)
at com.servoy.j2db.FormController.executeFunction(FormController.java:3864)
at com.servoy.j2db.FormController$ScriptExecuter.executeFunction(FormController.java:3719)
at com.servoy.j2db.ui.BaseEventExecutor.fireEventCommand(BaseEventExecutor.java:271)
at com.servoy.j2db.ui.BaseEventExecutor.fireActionCommand(BaseEventExecutor.java:217)
at com.servoy.j2db.ui.BaseEventExecutor.fireActionCommand(BaseEventExecutor.java:212)
at com.servoy.j2db.smart.dataui.AbstractScriptButton$2.actionPerformed(AbstractScriptButton.java:670)
at javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:2028)
at javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2351)
at javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:387)
at javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:242)
at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(BasicButtonListener.java:236)
at java.awt.Component.processMouseEvent(Component.java:6373)
at javax.swing.JComponent.processMouseEvent(JComponent.java:3267)
at java.awt.Component.processEvent(Component.java:6138)
at java.awt.Container.processEvent(Container.java:2085)
at java.awt.Component.dispatchEventImpl(Component.java:4735)
at java.awt.Container.dispatchEventImpl(Container.java:2143)
at java.awt.Component.dispatchEvent(Component.java:4565)
at java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4621)
at java.awt.LightweightDispatcher.processMouseEvent(Container.java:4282)
at java.awt.LightweightDispatcher.dispatchEvent(Container.java:4212)
at java.awt.Container.dispatchEventImpl(Container.java:2129)
at java.awt.Window.dispatchEventImpl(Window.java:2478)
at java.awt.Component.dispatchEvent(Component.java:4565)
at java.awt.EventQueue.dispatchEventImpl(EventQueue.java:679)
at java.awt.EventQueue.access$000(EventQueue.java:85)
at java.awt.EventQueue$1.run(EventQueue.java:638)
at java.awt.EventQueue$1.run(EventQueue.java:636)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.AccessControlContext$1.doIntersectionPrivilege(AccessControlContext.java:87)
at java.security.AccessControlContext$1.doIntersectionPrivilege(AccessControlContext.java:98)
at java.awt.EventQueue$2.run(EventQueue.java:652)
at java.awt.EventQueue$2.run(EventQueue.java:650)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.AccessControlContext$1.doIntersectionPrivilege(AccessControlContext.java:87)
at java.awt.EventQueue.dispatchEvent(EventQueue.java:649)
at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:296)
at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:211)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:201)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:196)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:188)
at java.awt.EventDispatchThread.run(EventDispatchThread.java:122)
4 mai 2012 14:06:17 com.servoy.j2db.util.Debug log
****
Ugo Di Luca

SaaS Software Development Engineer ( Paris - France )
Cegid - http://www.cegid.fr
FileMaker Developer, trainer and consultant
DL Systems- http://www.dlsystems.fr
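An added example, not part of the original post: one way to triage a trace like the one above, by splitting it at the RMI boundary to show which server-side method threw and which script methods led to the remote call. `triageRemoteTrace` and `SAMPLE_TRACE` are hypothetical names, and the sample is abridged from the trace in the post.

```javascript
// Added example: triage of a Servoy smart-client trace that crossed the RMI boundary.
// RMI appends the caller's frames after the server's; this frame marks the switch.
const RMI_MARKER = 'sun.rmi.transport.StreamRemoteCall.exceptionReceivedFromServer';
const HEADER = /^\s*([\w$.]+(?:Exception|Error)):\s*(.*)$/;
const FRAME = /^\s*at\s+([\w$.]+)\.([\w$<>]+)\(([^)]*)\)\s*$/;
// Rhino compiles each script method to a class org.mozilla.javascript.gen.cNN; its
// _cN frame carries "scriptMethod:line" where a Java frame has "File.java:line".
const SCRIPT_CLASS = /^org\.mozilla\.javascript\.gen\.c\d+$/;

function triageRemoteTrace(text) {
  let exception = null, message = null;
  const frames = [];
  for (const line of text.split(/\r?\n/)) {
    const head = HEADER.exec(line);
    if (head && !exception) { exception = head[1]; message = head[2].trim(); continue; }
    const m = FRAME.exec(line);
    if (m) frames.push({ cls: m[1], method: m[2], loc: m[3] });
  }
  const cut = frames.findIndex(f => `${f.cls}.${f.method}` === RMI_MARKER);
  // Without the marker the whole trace is local, so every frame is the caller's.
  const caller = cut >= 0 ? frames.slice(cut + 1) : frames;
  const scriptChain = caller
    .filter(f => SCRIPT_CLASS.test(f.cls) && /^_c\d+$/.test(f.method))
    .map(f => { const [name, ln] = f.loc.split(':'); return { method: name, line: Number(ln) }; });
  return {
    exception, message,
    remote: cut >= 0,                       // true: thrown on the server, rethrown in the client
    thrownBy: frames.length ? `${frames[0].cls}.${frames[0].method}` : null,
    scriptChain,                            // innermost script method first
  };
}

// Sample input: frames abridged from the trace posted above.
const SAMPLE_TRACE = `java.lang.SecurityException: Rejected unauthenticated access
	at com.servoy.extensions.plugins.headlessclient.HeadlessServerPlugin.createClient(Unknown Source)
	at sun.rmi.server.UnicastServerRef.dispatch(Unknown Source)
	at java.lang.Thread.run(Unknown Source)
	at sun.rmi.transport.StreamRemoteCall.exceptionReceivedFromServer(StreamRemoteCall.java:255)
	at $Proxy3.createClient(Unknown Source)
	at com.servoy.extensions.plugins.headlessclient.HeadlessClientProvider.js_createClient(Unknown Source)
	at org.mozilla.javascript.gen.c17._c0(launchProvisioning:74)
	at org.mozilla.javascript.gen.c17.call(launchProvisioning)
	at org.mozilla.javascript.gen.c16._c0(onActionDoProvisioning:177)`;

console.log(triageRemoteTrace(SAMPLE_TRACE));
```

For this trace the result shows that the rejection was raised by the server side of the headless client plugin, and that the call came from line 74 of `launchProvisioning`, itself called from line 177 of `onActionDoProvisioning`.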

Re: Rejected unauthenticated access error

Postby rgansevles » Fri May 04, 2012 5:45 pm

Ugo,

Are you using the headless client plugin from a smart client in the login solution?

Rob
Rob Gansevles
Servoy

Re: Rejected unauthenticated access error

Postby Ugo » Fri May 04, 2012 6:03 pm

Rob,

Thanks for your interest,

I'm using the headless client plugin from a smart client, from within the login module. The client is not logged in though, as we provide a process to provision his account from within the login solution, when our authentication process failed to identify any record for the client. This authentication is triggered through the onSolutionOpen() method, which checks for the arguments when accessed through a deep-link.

The headless client targets a 'provisioning' module which has 'must authenticate' checked, and these other properties (same as Servoy 5):
- firstform: prov_test
- loginForm: Default
- loginsolutionname: none
- modulesNames: same list, the login solution is not referenced
- mustAuthenticate: checked
- solutionType: module


Thanks

Ugo

Re: Rejected unauthenticated access error

Postby Ugo » Mon May 07, 2012 10:58 am

Good morning,

So I tried several settings during the weekend. In order to use a HC now, it seems that the user must be authenticated. Is this documented somewhere?

In my scenario, where a user formerly authenticated from a portal may directly provision his account from a dedicated form on the login module, I would have preferred that the previous behavior had been maintained.
In my current scenario, the user account was created using the Headless through a method passing all parameters to generate not only that user account ( in my user table ) but all its particular settings. The user was therefore logged in at the end of the provisioning process.

I am a bit lost now, what should I modify? Should I log anyone coming from the authentication portal with no user account with a dedicated login for this provisioning process?

Thanks

Ugo

Re: Rejected unauthenticated access error

Postby Harjo » Mon May 07, 2012 2:35 pm

What you should do is bring your HC code to the authenticator. Then you call that code from your login solution, and return any result back from the authenticator to the login solution.

The login solution is very limited in functions (this is because of all kinds of security things).
That it worked before was probably a bug?

Or maybe this is the one you run into:

Enhanced Security is now the default mode. The UI in Servoy Developer and in the Application Server to disable it has been removed. It is only possible to disable Enhanced Security through setting the relevant property in the servoy.properties file: "servoy.application_server.enhancedSecurity=false"

can be found here: http://wiki.servoy.com/display/public/D ... iorchanges
Harjo Kompagnie
ServoyCamp
Servoy Certified Developer
Servoy Valued Professional
SAN Developer

Re: Rejected unauthenticated access error

Postby Ugo » Mon May 07, 2012 4:24 pm

Thanks Harjo,

Sorry I don't get it. Let me be more explicit about our current settings and processes.

I'm already calling methods in the authenticator module. Whether the starting args reveal the user is entering the application through a deep-link or not, I'm using one method or another in the 'auth' module.
- With a standard access, we'd be calling an authentication method that will simply check the user login and password.
- With a deep-link access, we'd use the arguments received ( a key that we decode and a url to call ) in order to externally authenticate the user, through a POST request.

In the second situation, the result is passed back to the login solution. But still, this user does not necessarily exist in the SQL database we use for our SaaS application, if he just subscribed for our services on our partners web sites.

When the user is identified, whether with the standard authentication or the other, the user would be logged in and the onOpenSolution method will be triggered correctly. But when the user doesn't exist in our database, none of the information received from the authenticator can be used to login that user. In this case, we need to present the user with several options prior to provisioning his account. This is done through a provisioning form in our login solution.

Currently, the result of the post, combined to the user settings will then be passed as parameters to our provisioning module, called through a HC to reduce the processing times. This also provides a way to get the processing flow and progression through the getDataProviderValue.

Now, what exactly are you suggesting with "bring your HC code"?

I will investigate the enhanced Security part of your answer, thanks a lot, but this refers to the old system I think.


Ugo

Re: Rejected unauthenticated access error

Postby Harjo » Mon May 07, 2012 4:59 pm

I'm trying to understand your setup...
Why use a separate Headless Client module for that? The authenticator IS already a (headless) client ON the server.

Re: Rejected unauthenticated access error

Postby Ugo » Mon May 07, 2012 7:08 pm

Well, because:

- In my mind, as a design result for security, the authenticator module was strictly dedicated to authentication, with no relations objects whatsoever and no connection to other modules of the solution

- I need to give some information of the progression to the user (a dozen of tables are affected through creations of single or multiple records), and I can't see how I could do the following through the authenticator, which is how the user sees his provision progress

Code:
// Poll the headless client's progress global and show it until the last step or an error
while (n <= _themax && _error_stop == false) {
    n = headlessClient.getDataProviderValue(null, "globals._prov_progress");
    _currentstep = 'Etape ' + n + ' sur ' + _themax;
    application.updateUI(10);
}


What am I missing?

Ugo

Re: Rejected unauthenticated access error

Postby jcompagner » Mon May 07, 2012 10:46 pm

You must do that through the Authenticator; we don't allow access to the server portion of the headless client if the client is not already authenticated.

So what Harjo means is: at the moment you are now trying to create a HC, you should just call the authenticator with some parameters, which then does the same thing as the HC.
You could even just create the HC from the authenticator and call the same thing you do now from the login solution.
Johan Compagner
Servoy

Re: Rejected unauthenticated access error

Postby Ugo » Wed May 09, 2012 7:02 pm

Thank you Johan,

So that's new in Servoy 6. I will try that way then.

Ugo

